Water Sigbin is a threat actor attributed to CN, also known as Returned Libra, 8220 Gang, Water Sigbin. This group is tracked in the Strobes VI threat intelligence database.

What vulnerabilities does Water Sigbin exploit?

Water Sigbin is known to exploit 4 CVEs. View the full list on the Strobes VI threat actor profile page.

Agentic AI · Pentesting

Ready for Agentic Automated Testing?

Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.

Zero false positives

PoC for every finding

30+ tools orchestrated

Book a Demo Learn More

Setup in 5 minutesSOC 2 & ISO 27001

Water Sigbin

Also known as: Returned Libra, 8220 Gang, Water Sigbin, 8220 Mining Group

CNFinancial gain

Exploited CVEs

Overview

The 8220 Gang, also known as Water Sigbin, is a threat actor group that focuses on deploying cryptocurrency-mining malware. They exploit vulnerabilities in Oracle WebLogic servers, such as CVE-2017-3506 and CVE-2023-21839, to deliver cryptocurrency miners using PowerShell scripts. The group has demonstrated a sophisticated multistage loading technique to deploy the PureCrypter loader and XMRIG crypto miner. They are known for using obfuscation techniques, such as hexadecimal encoding and code obfuscation, to evade detection and compromise systems.

Exploited Vulnerabilities

CVE ID	Action
CVE-2022-26134